Avoid Reporting Cybersecurity Updates and Patches to the FDA

Is a cybersecurity patch or update a reportable event under the Reports of Corrections and Removals regulation? (21 CFR Part 806) The FDA issued a guidance document recently entitled, “Postmarket Management of Cybersecurity in Medical Devices.” It explains that a patch or update to correct and/or prevent a cybersecurity breach or weakness does not necessarily require a report under Part 806. Whether the District Office recall coordinators still expect a report is not addressed.

The ONC established the Information Sharing Analysis Organization (ISAO) that provides a forum for manufacturers to voluntarily participate in what could be seen as a self-help group. Participation in the ISAO gives you a pass on reporting under Part 806. Why? The FDA cannot address the overwhelming volume and aggressive evolution of cybersecurity problems with medical devices. Sadly, the problems involve more than devices themselves, it cascades into bad publicity and patients become alarmed due to the publicity of cybersecurity attacks.

The problem is not limited to devices alone, healthcare facilities find their software systems are held ransom until they pay for a restoration, a coercive extortion. Without institutional software, current medical care procedures grind back to a manual program, much like a flashback to SOPs in the 1950s. Patients on life support and life sustaining devices are placed in immediate danger.

The National Institute of Standards and Technology (NIST) is trying to make headway in providing guidance on how to manage these kinds of issues that plague devices and health care organizations. Neither you nor the FDA can keep up with preventative measures. Hackers are ahead of the game.

The webinar will address how the federal government is creating a forum for manufacturers to share information and their experiences concerning cybersecurity. Maybe reporting a patch or update under Part 806 is an acceptable cost for not participating in the ISAO program. There are issues lurking behind the use of the ISAO forum. Make sure you consider the issues that are included in this webinar.

Areas Covered in the Session :

FDA Guidance and Strategy

Industry wide approach

Regulatory relief from required reports

Management of Health Information

National Institute of Standards and Technology Cybersecurity guidelines

Business risks vs. benefits for application interface programs (AIP)

Hospital extortion

FBI warning to the medical device industry

Who Will Benefit:

Regulatory Affairs Departments

Quality Assurance Departments

Software Design Engineers

Manufacturing Departments

Compliant Departments

Hospital Risk Departments

Software Program Marketers

IT Security Departments

Marketing Departments

Home Healthcare Services

Healthcare Information Protection Departments

Capital Venture Firms

Medical Device Consultants

MD1977

Casper E. Uldriks

Casper (Cap) Uldriks brings over 32 years of experience from the FDA. He specialized in the FDA’s medical device program as a field investigator, served as a senior manager in the Office of Compliance and as an Associate Center Director for the Center for Devices and Radiological Health. He developed enforcement actions and participated in the implementation of new statutory requirements. He is recognized as an exceptional and energetic speaker. His comments are candid, straightforward and of practical value. He understands how FDA thinks, operates and where it is headed. Cap is the President of Encore Insight LLC, a consulting and training service for FDA law and operations.

Refund Policy

Webinar Compliance reserves the right to cancel or reschedule any Webinar/event due to inevitable reasons such as insufficient registrations or circumstances beyond its control. All the attendees will be notified about the cancellation of the event, 24 hours prior to the start time of the Webinar event.

The cancelled Webinar, could be rescheduled and a New Date would be promptly intimated to the attendees.

In such an event, the attendee can opt for one of the below :

If the New Date is not of convenience, the webinar stream (1-Time Recording) may be availed.

The attendees may also opt to take a different webinar, which has a same price tag at a future date & time; they are welcome to do so.

On-Demand recordings (Past events) in exchange but equal to the original amount remitted.

A redeemable voucher (Valid for 12 months), which could be used to purchase any of our future events.

Webinar Compliance will process refund only if an event that has been cancelled, is not rescheduled within 90 days from the original scheduled date of the webinar.

If a webinar is canceled completely, an attendee may opt either of above points 2,3,4, or a full refund of the amount paid in a single settlement. The payment will be processed within 7 Business days from the day, we receive the refund request. However, Webinar Compliance will not be responsible for any penalties or other expenditure incurred due to the cancellation.

​Individual attendees can cancel their event for any specific reason. They must notify Webinar Compliance about the cancellation of their registration at least 48 hours prior to the event start date and time.

If the attendee fails to cancel the registration to the event within the above mentioned stipulated time or if fails to attend the event, no refund shall be made.

​

​For further clarification on the refund or cancellation policy, you can contact the support team over the phone or please write to us on support@webinarcompliance.com, with the transaction ID, event ID & event date in the subject column.